:: #mythtv

Daily chat history

Thursday, March 9th, 2017, 00:01 UTC
[00:01:21] gigem (gigem!~david@mythtv/developer/gigem) has joined #mythtv
[00:02:27] gregl (gregl! has joined #mythtv
[00:26:38] Roklobster (Roklobster! has quit (Remote host closed the connection)
[00:39:04] amessina (amessina!~amessina@unaffiliated/amessina) has quit (Quit: Konversation terminated!)
[00:55:38] arescorpio (arescorpio! has joined #mythtv
[01:08:00] gregl_ (gregl_! has joined #mythtv
[01:08:02] gregl (gregl! has quit (Read error: Connection reset by peer)
[02:02:40] ShapeShifter499 (ShapeShifter499!~ShapeShif@unaffiliated/shapeshifter499) has joined #mythtv
[02:51:09] pvr4me (pvr4me! has quit (Quit: pvr4me)
[04:01:28] peper03 (peper03!~peper03@mythtv/developer/peper03) has quit (Ping timeout: 260 seconds)
[04:07:08] peper03 (peper03!~peper03@mythtv/developer/peper03) has joined #mythtv
[04:10:57] arescorpio (arescorpio! has quit (Quit: Leaving.)
[06:26:58] ghoti (ghoti! has quit (Ping timeout: 268 seconds)
[06:27:11] ghoti (ghoti! has joined #mythtv
[06:59:54] jst_ (jst_! has quit (Quit: No Ping reply in 180 seconds.)
[07:01:13] jst (jst! has joined #mythtv
[07:14:58] jpharvey (jpharvey!~jpharvey@ has joined #mythtv
[08:04:45] SteveGoodey (SteveGoodey! has joined #mythtv
[08:22:31] dekarl1 (dekarl1!~dekarl@mythtv/developer/dekarl) has joined #mythtv
[08:23:26] dekarl (dekarl!~dekarl@mythtv/developer/dekarl) has quit (Ping timeout: 258 seconds)
[08:31:12] dekarl1 is now known as dekarl
[08:55:37] stuarta: morning all
[08:58:12] willcooke (willcooke! has joined #mythtv
[08:58:13] willcooke (willcooke! has quit (Changing host)
[08:58:13] willcooke (willcooke!~willcooke@ubuntu/member/willcooke) has joined #mythtv
[11:40:56] SteveGoodey (SteveGoodey! has quit (Quit: Konversation terminated!)
[13:49:56] ghoti (ghoti! has quit (Ping timeout: 260 seconds)
[13:50:19] ghoti (ghoti! has joined #mythtv
[15:51:42] SteveGoodey (SteveGoodey! has joined #mythtv
[17:12:35] Warped (Warped!~Warped@unaffiliated/warped) has joined #mythtv
[17:33:18] dhampton: Does myth still support xml grabbers? When I run mythtv-setup it only offers SD, EIT, or none. I want to test my changes to add sort fields to the db with the various possible sources.
[18:56:07] willcooke (willcooke!~willcooke@ubuntu/member/willcooke) has quit (Quit: Do your hobbies)
[19:00:20] gary_buhrmaster: dhampton: mythtv certainly supports xmltv grabbers, but (and this is possibly a dead neuron) that it calls tv_find_grabbers to get the list of available xmltv grabbers, and if none are found, likely does not offer any.
[19:11:21] peterbennett (peterbennett!~Peter@mythtv/developer/peterbennett) has joined #mythtv
[19:15:34] dhampton: Aah, thank you. That was it. I didn't have xmltv installed on my development machine.
[19:15:44] ** dhampton has more testing to do tonight **
[19:19:28] peterbennett: gary_buhrmaster: Regarding security, I am thinking maybe the backend should ignore connections that come from public ip addresses, i.e. anything other than the 192... , 10..., fe00::, fd00: or loopback ip addresses
[19:20:01] peterbennett: gary_buhrmaster: then we can safely listen on wildcard address
[19:34:49] gary_buhrmaster: peterbennett: There are people who want to run MythTV on public IPs (and there are even some (rational) reasons to do so). As long as people have that ability, ignoring non-link local (both IPv4 (169.254.x.x) and IPv6 (fe80::/10)), and RFC1918 (ipv4 (10/8, 172.16/12, 192.168/16)) & ULA (fc00:/7) addresses could be a reasonable out of the box config for TCP connections. The UDP message port (because sources can be spoofed)
[19:37:55] peterbennett: gary_buhrmaster: Yes – I was thinking provide a check box labeled UNSAFE.. ALLOW PUBLIC IP ADDRESS CONNECTIONS. As long as that is unchecked only allow the private addresses (ones you listed)
[19:38:08] peterbennett: gary_buhrmaster: That would default to unchecked
[19:41:23] peterbennett: gary_buhrmaster: what should be done about UDP?
[20:25:33] gary_buhrmaster: re: UDP. Change the message protocol to TCP? Or change the message handler default to not listen at all? I have never used it, so I have no idea what is best for others. Need to widen the question to others, I suspect.
[20:28:07] peterbennett: gary_buhrmaster: Sorry I thought you had a suggestion. In my opinion just ignore messages from the ips you don't want.
[20:28:47] gary_buhrmaster: But the point is that I can spoof the source of the message.... There is ZERO validation of source with UDP.
[20:33:11] gary_buhrmaster: I would eliminate UDP messaging entirely (if one wants messaging, upgrade to TCP), but others may have strong opinions.
[20:34:02] gary_buhrmaster: Or even only listen for UDP messaging on localhost. Many people run combined FE/BE systems.
[20:35:02] gary_buhrmaster: Again, if one *wants* to accept from ANY, one should have that ability, it is the out-of-the-box defaults that I think we are discussing.
[20:35:53] gary_buhrmaster: (going to be AFK for a few hours (at least))
[20:40:33] peterbennett: gary_buhrmaster: I have to look into it but I would hope that UDP is mainly used for streaming content and the like, not for control messages or requests to update or delete.
[20:42:04] gary_buhrmaster: what I was talking about is mythmessage (messages that pop up on your screen) "POP", "POP", "POP" from across the planet? [sorry, really gone now]
[21:00:19] dekarl: what's wrong with just listening to any ip of the network stack that the backend runs on?
[21:00:36] dekarl: if someone wants to do funky stuff just put the backend into a jail/container/vm
[21:00:58] dekarl: but the out of the box experience should be such that it works in more cases, not less :)
[21:04:51] dekarl: peterbennett: is that a provider supplied router that exposes your whole home network to the world unprotected?
[21:06:07] dekarl: or keep this big security hole open for plausible deniability in case someone sues against your public ip
[21:23:17] stuarta: my opinion is that anyone who has an unusual setup is quite capable of running their own firewall
[21:30:45] peterbennett: dekarl: That is my own router and my own cable modem
[21:31:08] stuarta: peterbennett: iirc your cable modem is pretty bad with its ipv6 firewall?
[21:31:17] stuarta: like, it doesn't block anything?
[21:31:48] peterbennett: stuarta: As far as I can see it blocks nothing of IPV6
[21:31:58] stuarta: crappy :(
[21:32:25] stuarta: btw. i agree with the work you are doing, i've long thought it would be a good idea to do, to make new users' lives easier
[21:32:39] stuarta: it's time we aimed at the 99% of users who have a "simple" setup
[21:33:16] peterbennett: stuarta: I am sending out another email to hopefully address the security.
[21:33:17] stuarta: your idea of only accepting connections from "local" addresses has some merit, would have to be defined as local="on my subnet"
[21:33:52] stuarta: there are of course the 0.1% of users who route traffic between subnets on their local networks
[21:33:55] peterbennett: stuarta: I am thinking eventually do away with the ip address prompts altogether.
[21:34:24] stuarta: for me the ideal case starts with a wildcard bind, so it works for the new user
[21:34:42] stuarta: add your idea of accepting only from "local" networks
[21:35:01] peterbennett: stuarta: I propose accepting all local subnets in the private / unique local / link local ranges
[21:35:17] peterbennett: stuarta: That would allow people with multiple subnets
[21:35:18] stuarta: (although we need to consider the webfrontend here, since it's replacing mythweb, and therefore would have "remote" connections)
[21:35:48] stuarta: ah, i see. i would include "all subnets the backend has ips in"
[21:36:27] stuarta: which would include those who have global ipv6 addresses (and by extension, a subnet with global ipv6's)
[21:36:44] peterbennett: stuarta: Even more – all subnets in the private ranges. See my email I just sent.
[21:37:52] ** peterbennett Stepping away for a while **
[21:38:00] stuarta: yep, that's cool for all the ipv4 locals
[21:38:11] stuarta: and ipv6 LL's
[21:38:53] stuarta: i'll reply to your email
[21:59:20] peterbennett (peterbennett!~Peter@mythtv/developer/peterbennett) has quit (Quit: Leaving.)
[22:18:14] SteveGoodey (SteveGoodey! has quit (Quit: Konversation terminated!)
[22:29:36] Warped (Warped!~Warped@unaffiliated/warped) has quit (Quit: ChatZilla 0.9.93 [Firefox 52.0/20170302120751])
[23:33:58] sraue (sraue!~stephan@kodi/staff/sraue) has quit (Ping timeout: 264 seconds)
[23:34:37] sraue (sraue!~stephan@kodi/staff/sraue) has joined #mythtv

IRC Logs collected by BeirdoBot.